Please do not respond or reply to this automated e-mail. If you have any

questions or comments, please Contact your ADP Benefits Specialist.

Thank You,

ADP Benefit Services

#2

ADP Generated Message: Final Notice - Digital Certificate Expiration

This e-mail has been sent from an automated system. PLEASE DO NOT REPLY. If you have any questions, please contact your administrator for assistance.

---------------------------------------------------------------------Digital Certificate About to Expire---------------------------------------------------------------------The digital certificate you use to access ADP's Internet services is about to expire. If you do not renew your certificate by the expiration date below, you will not be able to access ADP's Internet services.

3. Also you can download new digital certificate at https://netsecure.adp.com/pages/cert/pickUpCert.faces.

---------------------------------------------------------------------Deleting Your Old Digital Certificate---------------------------------------------------------------------After you renew your digital certificate, be sure to delete the old certificate. Follow the instructions at the end of the renewal process.

When clicking on one of the links in the mail, you get redirected to a compromised webpage, which will load the exploit on your system. The exploit kit responsible is Blackhole.

Disable Java in your browser(s) or uninstall if you have no use for it. Brian Krebs has made a nice post on how to disable Java on several platforms & browsers:How to Unplug Java from the Browser

Specifically for this exploit, you can block the following IP ranges in your Firewall or hostfile:(or at least block the ones mentioned in this post)223.25.233.0 --> 223.25.233.255209.59.222.0 --> 209.59.222.255

Use an antivirus which has or uses behavioural technologies and/or exploit prevention.

Delete emails from unknown senders, never click on links in a mail you allegedly get from your bank, from UPS, or in this case ADP. If you happen to have placed an order or a bank transfer of any kind; go to the website directly in your browser, by typing it in manually.

Note that the links to ADP in this post are not malicious, however the URL behind them was. You can verify this by 'hovering' over the URL to check what is really behind.

Use the add-on NoScript (Firefox) or NotScripts (Chrome) to prevent automatic loading of malicious Javascripts.